Description

Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. This allows authenticated users to modify the structure of the existing query and leak the structure of other queries being made by the application in the back-end.

Remediation

References

http://markmail.org/message/j774dp5ro5xmkmg6

Related Vulnerabilities

CVE-2022-39250 Vulnerability in npm package matrix-js-sdk

CVE-2021-34080 Vulnerability in npm package ssl-utils

CVE-2023-31716 Vulnerability in npm package @frangoteam/fuxa

CVE-2022-31110 Vulnerability in npm package rsshub

CVE-2019-10323 Vulnerability in maven package org.jenkins-ci.plugins:artifactory

Severity

Critical

Classification

CWE-89 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Mailing List Third Party Advisory